Skip to main content
CommodityAI maintains comprehensive data security and privacy controls to protect customer information. This document outlines our data storage practices, encryption protocols, compliance certifications, and subprocessor relationships.

Data Storage

CommodityAI utilizes Amazon Web Services (AWS) for data storage with the following practices:
  1. Infrastructure: All customer data is stored in AWS with encryption at rest and in transit
  2. Access Controls: Storage access is restricted to authorized services and personnel, with all access logged and audited
  3. Retention: Enterprise customers may configure custom retention periods or opt for Zero Data Retention (ZDR), where data is automatically purged within 24 hours
  4. Usage: Customer data is used solely for service delivery. CommodityAI does not use customer data for model training without explicit written consent

Encryption

  1. At Rest: All stored data is encrypted using AES-256. Keys are managed through AWS Key Management Service (KMS) with automatic rotation
  2. In Transit: All data transmission uses TLS 1.2 or higher. API communications require HTTPS; unencrypted connections are rejected

Compliance

  1. SOC 2 Type II: CommodityAI is currently in audit with targeted certification in Q1 2026. Reports will be available upon request under NDA

Subprocessors

CompanyDescriptionLocation
Amazon Web Services, Inc.Cloud InfrastructureUnited States
Microsoft AzureCloud InfrastructureUnited States
Google CloudCloud InfrastructureUnited States
OpenAI, LLCArtificial IntelligenceUnited States
Anthropic PBCArtificial IntelligenceUnited States
Mixpanel, Inc.Product AnalyticsUnited States
CommodityAI maintains contractual agreements with all subprocessors requiring equivalent data protection standards.

Contact

For questions regarding data policies or compliance certifications, contact [email protected].